如何在ONTAP 9中将卷的安全模式从UNIX更改为NTFS

最后更新
另存为PDF

Views:: 41

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: nas

Last Updated:

适用场景

ONTAP 9

问题描述

本文包含有关修改现有卷/qtree的安全模式以及将NTFS权限传播到 ONTAP 9中的子文件夹和文件的说明

操作步骤

将卷或qtree的安全模式修改为NTFS：

::> volume modify -vserver vserver_name -volume -security-style ntfs

更改安全模式后、卷的根目录将会更新

示例

Cluster::> vserver security file-directory show -vserver Vs1 -path /vol1

Vserver: Vs1 File Path: /vol1 File Inode Number: 96 Security Style: ntfs Effective Style: ntfs DOS Attributes: 10 DOS Attributes in Text: ----D--- Expanded Dos Attributes: - UNIX User Id: 0 UNIX Group Id: 0 UNIX Mode Bits: 777 UNIX Mode Bits in Text: rwxrwxrwx ACLs: NTFS Security Descriptor Control:0x8004 Owner:BUILTIN\Administrators Group:BUILTIN\Administrators DACL - ACEs ALLOW-Everyone-0x1f01ff-(Inherited) ALLOW-Everyone-0x10000000-OI|CI|IO (Inherited)
对任何子对象所做的唯一更改是安全模式

示例

Cluster::> vserver security file-directory show -vserver Vs1 -path /vol1/new.txt

Vserver: Vs1 File Path: /vol1/new.txt File Inode Number: 102 Security Style: ntfs Effective Style: unix DOS Attributes: 20 DOS Attributes in Text: ---A---- Expanded Dos Attributes: - UNIX User Id: 0 UNIX Group Id: 1 UNIX Mode Bits: 777 UNIX Mode Bits in Text: rwxrwxrwx ACLs: -

在Windows端执行以下步骤、将DACL信息传播到子文件夹和文件。

从窗口访问共享、然后导航到"属性"下的"安全"选项卡中的"高级"选项
单击所有者旁边的"更改"、选择适当的用户
单击"将所有子对象权限条目替换为此对象的可继承权限条目"选项、然后单击应用

注意：您可以根据需要在父文件夹上添加/删除DACL、然后再单击上面的选项。

此过程完成后、所有子对象现在都将NTFS显示为有效安全模式、并应用NTFS ACL
在此过程完成之前、ONTAP将强制实施UNIX permissions

追加信息

当qtree的安全模式为UNIX时、qtree上的文件目录以及其下的文件/文件夹的输出

示例

::> file-directory show -vserver svm01 -path /vol1/tree3 (vserver security file-directory show)

Vserver: svm01 File Path: /vol1/tree3 File Inode Number: 1346562 Security Style: unix Effective Style: unix DOS Attributes: 10 DOS Attributes in Text: ----D--- Expanded Dos Attributes: - UNIX User Id: 0 UNIX Group Id: 0 UNIX Mode Bits: 755 UNIX Mode Bits in Text: rwxr-xr-x ACLs: -

::> file-directory show -vserver svm01 -path /vol1/tree3/folder1 (vserver security file-directory show)

Vserver: svm01 File Path: /vol1/tree3/folder1 File Inode Number: 1346564 Security Style: unix Effective Style: unix DOS Attributes: 10 DOS Attributes in Text: ----D--- Expanded Dos Attributes: - UNIX User Id: 0 UNIX Group Id: 1 UNIX Mode Bits: 755 UNIX Mode Bits in Text: rwxr-xr-x ACLs: -

::>file-directory show -vserver svm01 -path /vol1/tree3/folder1/file2.txt (vserver security file-directory show)

Vserver: svm01 File Path: /vol1/tree3/folder1/file2.txt File Inode Number: 1346565 Security Style: unix Effective Style: unix DOS Attributes: 20 DOS Attributes in Text: ---A---- Expanded Dos Attributes: - UNIX User Id: 0 UNIX Group Id: 1 UNIX Mode Bits: 755 UNIX Mode Bits in Text: rwxr-xr-x ACLs: -

将qtree的安全模式修改为NTFS且未向Microsoft Windows客户端上的子对象继承权限时、文件目录的输出将显示在qtree上及其下的文件/文件夹上

示例

::> file-directory show -vserver svm01 -path /vol1/tree3 (vserver security file-directory show)

Vserver: svm01 File Path: /vol1/tree3 File Inode Number: 1346562 Security Style: ntfs Effective Style: ntfs DOS Attributes: 10 DOS Attributes in Text: ----D--- Expanded Dos Attributes: - UNIX User Id: 0 UNIX Group Id: 0 UNIX Mode Bits: 777 UNIX Mode Bits in Text: rwxrwxrwx ACLs: NTFS Security Descriptor Control:0x8004 Owner:BUILTIN\Administrators Group:BUILTIN\Administrators DACL - ACEs ALLOW-Everyone-0x1f01ff ALLOW-Everyone-0x10000000-OI|CI|IO

::> file-directory show -vserver svm01 -path /vol1/tree3/folder1 (vserver security file-directory show)

Vserver: svm01 File Path: /vol1/tree3/folder1 File Inode Number: 1346564 Security Style: ntfs Effective Style: unix DOS Attributes: 10 DOS Attributes in Text: ----D--- Expanded Dos Attributes: - UNIX User Id: 0 UNIX Group Id: 1 UNIX Mode Bits: 755 UNIX Mode Bits in Text: rwxr-xr-x ACLs: - ::> file-directory show -vserver svm01 -path /vol1/tree3/folder1/file2.txt (vserver security file-directory show)

Vserver: svm01 File Path: /vol1/tree3/folder1/file2.txt File Inode Number: 1346565 Security Style: ntfs Effective Style: unix DOS Attributes: 20 DOS Attributes in Text: ---A---- Expanded Dos Attributes: - UNIX User Id: 0 UNIX Group Id: 1 UNIX Mode Bits: 755 UNIX Mode Bits in Text: rwxr-xr-x ACLs: -

将qtree的安全模式修改为NTFS并对Microsoft Windows客户端上的子对象具有继承权限时、文件目录输出将显示在qtree上及其下的文件/文件夹

示例

::> file-directory show -vserver svm01 -path /vol1/tree3/folder1 (vserver security file-directory show)

Vserver: svm01 File Path: /vol1/tree3/folder1 File Inode Number: 1346564 Security Style: ntfs Effective Style: ntfs DOS Attributes: 10 DOS Attributes in Text: ----D--- Expanded Dos Attributes: - UNIX User Id: 0 UNIX Group Id: 1 UNIX Mode Bits: 777 UNIX Mode Bits in Text: rwxrwxrwx ACLs: NTFS Security Descriptor Control:0x8504 Owner:BUILTIN\Administrators Group:NASLAB\Domain Users DACL - ACEs ALLOW-Everyone-0x1f01ff-OI|CI (Inherited)

::> file-directory show -vserver svm01 -path /vol1/tree3/folder1/file2.txt (vserver security file-directory show)

Vserver: svm01 File Path: /vol1/tree3/folder1/file2.txt File Inode Number: 1346565 Security Style: ntfs Effective Style: ntfs DOS Attributes: 20 DOS Attributes in Text: ---A---- Expanded Dos Attributes: - UNIX User Id: 0 UNIX Group Id: 1 UNIX Mode Bits: 777 UNIX Mode Bits in Text: rwxrwxrwx ACLs: NTFS Security Descriptor Control:0x8504 Owner:BUILTIN\Administrators Group:NASLAB\Domain Users DACL - ACEs ALLOW-Everyone-0x1f01ff-(Inherited)